Skip to content

Commit 2fc260d

Browse files
openshift-merge-bot[bot]openshift-merge-bot[bot]
authored
Merge pull request #628 from ricardomaraschini/update-tekton-pipelines-4.20
chore: update tekton pipelines for release 4.20.
2 parents 97c896a + 8105425 commit 2fc260d

File tree

2 files changed

+59
-48
lines changed

2 files changed

+59
-48
lines changed

.tekton/kube-descheduler-operator-4-20-pull-request.yaml

Lines changed: 30 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ spec:
3333
description: |
3434
This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
3535
36-
_Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
36+
_Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
3737
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
3838
finally:
3939
- name: show-sbom
@@ -45,7 +45,7 @@ spec:
4545
- name: name
4646
value: show-sbom
4747
- name: bundle
48-
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:002f7c8c1d2f9e09904035da414aba1188ae091df0ea9532cd997be05e73d594
48+
value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7
4949
- name: kind
5050
value: task
5151
resolver: bundles
@@ -90,6 +90,7 @@ spec:
9090
description: Image tag expiration time, time values could be something like
9191
1h, 2d, 3w for hours, days, and weeks, respectively.
9292
name: image-expires-after
93+
type: string
9394
- default: "true"
9495
description: Build a source image.
9596
name: build-source-image
@@ -147,7 +148,7 @@ spec:
147148
- name: name
148149
value: init
149150
- name: bundle
150-
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:66e90d31e1386bf516fb548cd3e3f0082b5d0234b8b90dbf9e0d4684b70dbe1a
151+
value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:08e18a4dc5f947c1d20e8353a19d013144bea87b72f67236b165dd4778523951
151152
- name: kind
152153
value: task
153154
resolver: bundles
@@ -168,7 +169,7 @@ spec:
168169
- name: name
169170
value: git-clone-oci-ta
170171
- name: bundle
171-
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0fea1e4bd2fdde46c5b7786629f423a51e357f681c32ceddd744a6e3d48b8327
172+
value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:be82c55346e8810bd1edc5547f864064da6945979baccca7dfc99990b392a02b
172173
- name: kind
173174
value: task
174175
resolver: bundles
@@ -197,7 +198,7 @@ spec:
197198
- name: name
198199
value: prefetch-dependencies-oci-ta
199200
- name: bundle
200-
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:adbd819c6b727ac0c5519475d174dcad64cfa8df6ee50acd58f7fb562c59d4f7
201+
value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:125aea525bcdb31ff86cb37d56e3d8369587ead48da3bc454d4344682724ca54
201202
- name: kind
202203
value: task
203204
resolver: bundles
@@ -247,7 +248,7 @@ spec:
247248
- name: name
248249
value: buildah-remote-oci-ta
249250
- name: bundle
250-
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:cfeeef2f4ab25b121afdf44eecc394ed67f3534a1bd14bef9e7beef2ee654b8e
251+
value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:1ed04fe149488b2ea63347f2adfaa3eeb4062e594dc266358a705597dd304d7e
251252
- name: kind
252253
value: task
253254
resolver: bundles
@@ -276,7 +277,7 @@ spec:
276277
- name: name
277278
value: build-image-index
278279
- name: bundle
279-
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:9c95b1fe17db091ae364344ba2006af46648e08486eef1f6fe1b9e3f10866875
280+
value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:72f77a8c62f9d6f69ab5c35170839e4b190026e6cc3d7d4ceafa7033fc30ad7b
280281
- name: kind
281282
value: task
282283
resolver: bundles
@@ -288,7 +289,9 @@ spec:
288289
- name: build-source-image
289290
params:
290291
- name: BINARY_IMAGE
291-
value: $(params.output-image)
292+
value: $(tasks.build-image-index.results.IMAGE_URL)
293+
- name: BINARY_IMAGE_DIGEST
294+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
292295
- name: SOURCE_ARTIFACT
293296
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
294297
- name: CACHI2_ARTIFACT
@@ -300,7 +303,7 @@ spec:
300303
- name: name
301304
value: source-build-oci-ta
302305
- name: bundle
303-
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:c5e56643c0f5e19409e86c8fd4de4348413b6f10456aa0875498d5c63bf6ef0e
306+
value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:bfec1fabb0ed7c191e6c85d75e6cc577a04cabe9e6b35f9476529e8e5b3c0c82
304307
- name: kind
305308
value: task
306309
resolver: bundles
@@ -326,7 +329,7 @@ spec:
326329
- name: name
327330
value: deprecated-image-check
328331
- name: bundle
329-
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ecd33669676b3a193ff4c2c6223cb912cc1b0cf5cc36e080eaec7718500272cf
332+
value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f485ef8bfdaf6e6d8d7795eb2e25f9c5ee8619d52220f4d64b5e28078d568c89
330333
- name: kind
331334
value: task
332335
resolver: bundles
@@ -348,7 +351,7 @@ spec:
348351
- name: name
349352
value: clair-scan
350353
- name: bundle
351-
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:68a8fe28527c4469243119a449e2b3a6655f2acac589c069ea6433242da8ed4d
354+
value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:417f44117f8d87a4a62fea6589b5746612ac61640b454dbd88f74892380411f2
352355
- name: kind
353356
value: task
354357
resolver: bundles
@@ -368,7 +371,7 @@ spec:
368371
- name: name
369372
value: ecosystem-cert-preflight-checks
370373
- name: bundle
371-
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:8a2d3ce9205df1f59f410529cb38134336e0a4b06ee1187b3229f26c80ecc5ba
374+
value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:f99d2bdb02f13223d494077a2cde31418d09369f33c02134a8e7e5fad2f61eda
372375
- name: kind
373376
value: task
374377
resolver: bundles
@@ -394,7 +397,7 @@ spec:
394397
- name: name
395398
value: sast-snyk-check-oci-ta
396399
- name: bundle
397-
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:9a6ec5575f80668552d861e64414e736c85af772c272ca653a6fd1ec841d2627
400+
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:fe5e5ba3a72632cd505910de2eacd62c9d11ed570c325173188f8d568ac60771
398401
- name: kind
399402
value: task
400403
resolver: bundles
@@ -403,7 +406,12 @@ spec:
403406
operator: in
404407
values:
405408
- "false"
406-
- name: clamav-scan
409+
- matrix:
410+
params:
411+
- name: image-arch
412+
value:
413+
- $(params.build-platforms)
414+
name: clamav-scan
407415
params:
408416
- name: image-digest
409417
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -416,7 +424,7 @@ spec:
416424
- name: name
417425
value: clamav-scan
418426
- name: bundle
419-
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:386c8c3395b44f6eb927dbad72382808b0ae42008f183064ca77cb4cad998442
427+
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:cce2dfcc5bd6e91ee54aacdadad523b013eeae5cdaa7f6a4624b8cbcc040f439
420428
- name: kind
421429
value: task
422430
resolver: bundles
@@ -461,7 +469,7 @@ spec:
461469
- name: name
462470
value: sast-coverity-check-oci-ta
463471
- name: bundle
464-
value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:7c845b10d257b874f645ea30deeff3c1ce2b38e7b6e331564f32c8684f41b520
472+
value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:5f81372e21a3c6f4a745b723e444b6eb81a11bdff8740e0ce4b96ad42924e45e
465473
- name: kind
466474
value: task
467475
resolver: bundles
@@ -482,7 +490,7 @@ spec:
482490
- name: name
483491
value: coverity-availability-check
484492
- name: bundle
485-
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:8b58c4fae00c0dfe3937abfb8a9a61aa3c408cca4278b817db53d518428d944e
493+
value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6
486494
- name: kind
487495
value: task
488496
resolver: bundles
@@ -508,7 +516,7 @@ spec:
508516
- name: name
509517
value: sast-shell-check-oci-ta
510518
- name: bundle
511-
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:60a7ee6ec5d00920389f03befd328cdaa159b7122a94ff3c87da287e0f32420f
519+
value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9
512520
- name: kind
513521
value: task
514522
resolver: bundles
@@ -534,7 +542,7 @@ spec:
534542
- name: name
535543
value: sast-unicode-check-oci-ta
536544
- name: bundle
537-
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:9613b9037e4199495800c2054c13d0479e3335ec94e0f15f031a5bce844003a9
545+
value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2@sha256:3f99dc4634a62e1530324cd565d12323ca82be3cfa8a031a36b210becfa7b552
538546
- name: kind
539547
value: task
540548
resolver: bundles
@@ -545,8 +553,6 @@ spec:
545553
- "false"
546554
- name: apply-tags
547555
params:
548-
- name: IMAGE
549-
value: $(tasks.build-image-index.results.IMAGE_URL)
550556
- name: IMAGE_URL
551557
value: $(tasks.build-image-index.results.IMAGE_URL)
552558
- name: IMAGE_DIGEST
@@ -558,7 +564,7 @@ spec:
558564
- name: name
559565
value: apply-tags
560566
- name: bundle
561-
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:0c411c27483849a936c0c420a57e477113e9fafc63077647200d6614d9ebb872
567+
value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:264fa9591929fb60e3aca033ff168e5d98b1aafb458d6988e327a99ff494b00b
562568
- name: kind
563569
value: task
564570
resolver: bundles
@@ -581,7 +587,7 @@ spec:
581587
- name: name
582588
value: push-dockerfile-oci-ta
583589
- name: bundle
584-
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:d0ee13ab3d9564f7ee806a8ceaced934db493a3a40e11ff6db3a912b8bbace95
590+
value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:8640726ef7c5875e3b2e64c9f823921ea970674593f077cadfce3c45c9b9a2b9
585591
- name: kind
586592
value: task
587593
resolver: bundles
@@ -598,7 +604,7 @@ spec:
598604
- name: name
599605
value: rpms-signature-scan
600606
- name: bundle
601-
value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:ec7f6de651458e4a5842b145e761b0d86b03b52bec1515d6d8a1b8cf107af95c
607+
value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:7d1c087d7d33dd97effb3b4c9f3788e4c3138da2032040d69da6929e9a3aaceb
602608
- name: kind
603609
value: task
604610
resolver: bundles

0 commit comments

Comments
 (0)